Pinchie / RaspiPass

RaspiPass - Homepass software for the Raspberry Pi 3

iptables firewall change #17

Closed Dimensional closed 7 years ago

Dimensional commented 7 years ago

Instead of adding a logging table that is used solely for dropping, you can set the default rules for each table to drop. Just change the -P area at the top of the rules from ACCEPT to DROP, and it should be just a little more efficient, unless you had to go this route for some reason.

Pinchie commented 7 years ago

Jeez late reply, sorry.

The logging table is/was used during testing after I make any significant changes to the iptables config. The idea is that anything I throw at it trying to hit restricted IPs/services should be logged and dropped. At that time it's easier to amend the logging chain to actually log, then set it to dropping before release.

Once I've got iptables sorted (I've got it set to change to try subinterfaces soon) I may just set it to straight dropping instead. My figuring at the time is since it's at the end of the rules it shouldn't add too much at present to redirect and drop.

Happy Easter, hope you got lots of chocolate. 😄
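
Added example, not part of the thread or of RaspiPass's own rules: a small Python check that walks an iptables-save style filter table and reports what happens to a packet that matches no specific rule, comparing the catch-all logging chain with the default-policy DROP approach discussed above. Both rulesets are constructed, the chain name `LOGDROP` is hypothetical, and any rule carrying match conditions is assumed not to match.

```python
import shlex
# Constructed iptables-save style rulesets; LOGDROP is a hypothetical chain name.
LOGGING_CHAIN = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:LOGDROP - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j LOGDROP
-A FORWARD -j LOGDROP
-A LOGDROP -j LOG --log-prefix "fw-drop: "
-A LOGDROP -j DROP
COMMIT
"""
POLICY_DROP = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def fallthrough(ruleset):
    """Map each built-in chain to (verdict, logged) for a packet matching no specific rule."""
    policies, rules = {}, {}
    for line in ruleset.splitlines():
        if line.startswith(":"):              # chain declaration: ":NAME POLICY [counters]"
            name, policy = line[1:].split()[:2]
            policies[name], rules[name] = policy, []
        elif line.startswith("-A "):          # rule: "-A CHAIN <matches> -j TARGET <options>"
            words = shlex.split(line)
            rules[words[1]].append(words[2:])
    def walk(chain, logged):
        for rule in rules[chain]:
            if rule[:1] != ["-j"]:            # rule has match conditions: assumed not to match
                continue
            if rule[1] == "LOG":              # LOG is non-terminating, traversal continues
                logged = True
            elif rule[1] in rules:            # unconditional jump into a user-defined chain
                verdict, logged = walk(rule[1], logged)
                if verdict:
                    return verdict, logged
            else:                             # terminating target such as ACCEPT or DROP
                return rule[1], logged
        # End of chain: a built-in chain applies its policy, a user chain ("-") returns.
        return (None if policies[chain] == "-" else policies[chain]), logged

    return {c: walk(c, False) for c, p in policies.items() if p != "-"}
```

Calling `fallthrough()` on each ruleset shows the same DROP verdict for INPUT and FORWARD either way; only the logging-chain variant records the packet before dropping it.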